On the heels of New York passing the Stop Hacks and Improve Electronic Data Security (SHIELD) Act in September 2019, the IRS issued a warning to tax preparers and accounting firms to ensure that they appropriately secure their customer data against the “evolving” and “sophisticated” techniques used by cybercriminals to access their systems. The warning identified several simple steps that firms can take to limit their risk of sensitive data loss. These best practices included, among others, the following:

• Use of strong passwords. Stay away from obvious words or phrases and utilize different cases, numbers, and special characters. Regularly change these passwords and encourage employees to do the same.
• Use of anti-phishing software. Invest in a solution that can help effectively identify, block, and warn you about phishing content sent via email or found online. Reassess how this software is meeting your needs annually as your business grows and cyberthreats evolve.
• Security awareness training for staff. Your cybersecurity protection is only as good as your weakest link which could be an uninformed employee. Train your entire staff annually on cybersecurity best practices.
• Backing up critical systems. Back-ups should take place nightly so you’re never at risk of losing more than a day’s worth of important data.
• Strong security policies and procedures. All employees should be required to acknowledge receipt of comprehensive policies about the acceptable use of computing. As part of this, every employee-related information technology policy should have a section outlining what may happen to an employee should they violate the rules.
• Incident response preparedness. In today’s cybersecurity landscape, it’s not a matter of if a data breach will occur, but when. You need to be prepared to act immediately when a cyberattack hits your business. An incident response plan should be tested annually and updated as needed based on new risks and any changing business circumstances.

Failure to adequately protect customer data against cyberattacks can result in costly fines – up to $250,000 under the Shield Act – as well as irreparable reputational damage and litigation by impacted clients. To help accounting firms and tax preparers remain in compliance with all federal and state cybersecurity laws, FoxPointe Solutions can help identify the weak or vulnerable security controls that could potentially lead to a data breach. Specifically, we offer the following:

• Comprehensive cybersecurity review
• Internal and external vulnerability scanning and analysis
• Penetration testing
• Policy and procedure creation / review
• Security awareness training
• Quarterly cybersecurity newsletter detailing latest threats and risks

At FoxPointe Solutions, we offer simple, cost effective security solutions to help limit your exposure to cybercriminals and protect customer data as required under the law. Contact us to learn more.

FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.